Telephone-based systems collect useful metadata, including Call Detail Records (CDR). By analyzing large volumes of CDR data from a phone system, behavioral patterns can be discerned that can identify fraudulent activity.
It is desirable to identify fraudulent activity during a call or determine a risk score for a call during the call. Waiting until after the call is completed may mean a fraud is already perpetrated or an opportunity to acquire information regarding the perpetrator has been lost. Detecting fraud during a call allows the caller to act accordingly. For example, in addition to disallowing access to an account, the caller may request additional information about the caller to supplement a profile concerning the caller.
Deployment of a system to identify fraudulent activity during a call or to determine a risk score for a call during the call may result in the rapid acquisition of many records. For example, a bank may have millions of customers or users. Performing look-up, detecting fraud, and taking action in response to the fraud detection (or determining low probability of fraud and taking action in response to the low probability of fraud) during a call becomes increasingly difficult as the number of records increases, both in terms of the number of users and the number of records per user. Some features relevant to determining a risk score may be difficult to determine rapidly.
As recognized by the inventors, data contained in CDRs and data obtained during a call may be used to determine fraud. Using the systems and methods disclosed herein, fraudulent activity may be detected and identified, and a risk score determined, during a call, including in situations involving large amounts of data. Further, the risk score for a call may be determined during the call using features which may be complex, including behavior, reputation, and velocity features. A machine learning model, which may include a supervised classifier, may be used in the determination of the risk score of a call during the call.
Interactive voice response (IVR) systems are widely used as a means for appropriately routing a call into a call center. As the use of these systems has become more widespread, users of the IVR have been able to accomplish an ever-increasing number of tasks from within the system, often without interacting with a human. These tasks include account authentication, balance checking, and more. With this increase in capability in the IVR has come an increase of malicious activity directed towards extracting information and committing fraud by taking advantage of weaknesses inherent in an automated system.
As recognized by the inventors, user behavior in an IVR system may enable the detection of fraudulent or malicious interactions when compared to the behavior of genuine users. By monitoring how users interact with a system historically, a detection framework may be constructed to predict and prevent fraudulent or malicious activity.